They can do it *better*



  • So my management chose an "intranet" package from a company with "over 650,000 users worldwide".

    They don't let local IT install the software (because, naturally, they would fsck it up), but instead require a blank server. remote access and full administrative rights, so they can do it properly.

    To be fair, the product works as advertised. I just don't like how they solve those pesky user permission issues (for uploading images and such):

    Yes, "web" is the root of the website in ISS.

    Forwarded to our "security guy", who is also the person responsible for choosing them and their primary contact. Sweet irony.


  • area_pol

    @ashkante said:

    Yes, "web" is the root of the website in ISS.

    They should call it "space".



  • I don't know what that dialog means, could someone with more experience than me explain it?



  • Every authenticated user has modify access to the root folder and subfolders and files of the root.
    So, in theory, everything unless there are different permissions further down the tree.



  • This way they don't have to worry about SQL injection.



  • @boomzilla said:

    This way they don't have to worry about SQL injection.

    Interesting idea - leave a huge, gaping, stupefying security hole to draw attention away from all those pesky, hard to catch exploits.

    I think we may be on to a new security design philosophy here :)



  • Judging by Discourse's earlier state, I think Jeff thought of it first.



  • A Google search for "over 650,000 users worldwide" (including the quotes) was interesting.

    6 of the top 10 results were from a company called Interact Intranet, and this is a typical page:


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.